If you specify sid (job id), you cannot also specify q or s (saved search name)
Custom applications created in Splunk 4.3 or 5.0 with Application Views that contain dashboard panels which contain charts that offer "Open in Search" icons produce a 500 error when clicked, after an...
View ArticleHow to install *Nix app
Hi gang, I have been trying to install the newer Splunk App for Unix and Linux (5.0.0) on my Splunk recievers. I tried "upgrading" the Nix 4.6 and also tried to install it by itself. The download file...
View ArticleSearch works manually but not in dashboard
Below is a search I am using in a dashboard in a HiddenSearch module:search index=techsecu_summary source="Top-Internet-connection-permitted" | top asa_srcip, asa_dstip, asa_dstport | eval...
View Articleminimum permissions required for using http simple receiver
what are the minimum permissions required to add data to splunk using the http simple receiver http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTinput#receivers.2Fsimplethe example shows...
View ArticleStreamed search execute failed because: User '' could not act as: XXX
Hey, All my users except admin are getting this error: Streamed search execute failed because: User '' could not act as: XXXWith XXX being the user in question. I've checked all the permissions and...
View ArticleWho do I contact for help with my Splunk license?
Who do I contact for help with my Splunk license? We apparently exceeded the amount one too many times?
View ArticleError while validating databases
The server is a fresh installation of Fedora 19 x86_64, it is a completely minimal install with nothing else really added other than vim and git. I've set SELinux to permissive, and my firewall is...
View ArticleClient CORS proxy problem with express.js and Javascript SDK
The simple browser UI examples that work in the javascript SDK (using node sdkdo runserver) don't work in my express/node project, because I am not handling the proxy properly to get around the...
View ArticleHow to force deployment server to recognize specific forwarder IP address
I appologize if this is a double post. I don't know what happened to my previous attemt :PIn my environment the servers are configured with multiple IP addresses to add flexibility when moving services...
View Articlejoining across field matrix
Hi - I am trying to wrap my head around the following search - looking at join, appendcols and map commands to get the job done, but I am at a loss. I have about 3000 IP address pairs(endpoints of IP...
View ArticleIs it possible to sort or reorder a multivalue field?
Anyone have any thoughts as to how to reorder a multi-valued field? Ideally I'd like to be able to do a "sort" or in my specific use case, a "reverse" would be perfect.Say you have the following...
View ArticleCan I have the TA for windows auto install when pushing the Windows universal...
When you manually run the Windows Universal Forwarder .msi installer on a windows workstation, part of the setup process asks you to install the Technology Add-On for windows, (built in to the...
View Articlesplit function in calculated fields
When i try to save in Splunk Web calculated fields that contains split function i have a "Encountered the following error while trying to save: In handler 'props-eval': Bad function" message. Why i...
View ArticleHow do I find then number of elements in a comma delimited list?
Given the following log entry how would a find the number of host entries and assign it to a field?Thanks!FINEST|1137/0|Service KOALA-MANGOES|13-12-14 00:13:35|INFO: Available nodes: [host...
View Articlemaxmind geo database with splunk 6
Would it be possible to use the Maxmind IPv4 database in substitute with Splunk 6's ipv4 database for the maps function?
View Articlecan I create a saved search with php sdk like with javascript sdk?
hi, can I create saved searches with php sdk like with javascript sdk?
View ArticleWindows FileTime timestamp to human readable
I tried a lot to convert windows filetime timestamp [web]support.microsoft.com/kb/188768) to human readable using TIME_FORMAT, but was not able to. One sample timestamp is 130308696850032106. This is...
View ArticleCSV imports, headers as fields?
All,I have been following this documentation; http://docs.splunk.com/Documentation/Splunk/6.0/Data/ExtractfieldsfromfileheadersatindextimeNo combination of props.conf settings appears to be working....
View Articlewhere to find Splunk Data Visualizations Manual for splunk 5.0.3
where to find Splunk Data Visualizations Manual for splunk 5.0.3thanks,
View Articletime.sleep not working in modular input ?
I modified the helloworld in the python modular input example, to poll a website, and calculate the latency. I don't understand why it is not working when I add a time.sleep, without, it is workint...
View Article